local admins report (AAD joined devices)

crib bar 841 Reputation points
2024-07-29T11:20:31.67+00:00

We used to run a tool called 'Get Local Admins GUI' when our servers and workstations were joined to an on-premises active directory domain, that would show which users and groups had local admin rights to all of our servers and workstations, and we could output the file to a CSV:

[http://www.cjwdev.co.uk/Software/GetLocalAdminsGUI/Info.html]

We are looking for an equivalent tool or script that can pull the same information from Azure AD / Intune managed devices, for an audit. Or any out-of-the-box reports within Azure AD/Intune that we could possibly use?

Do you have any recommendations if you have had to produce something like this? Ideally it would be something that would run over the entire directory/inventory for all devices, and not have to query each device as there is a sizeable number.


Accepted answer
  1. Marcin Policht 36,260 Reputation points MVP
    2024-07-29T11:43:56.3466667+00:00

    Refer to https://www.petervanderwoude.nl/post/enhance-inventory-reporting-with-local-administrator-information/


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin


1 additional answer

  1. ZhoumingDuan-MSFT 16,045 Reputation points Microsoft Vendor
    2024-07-30T02:29:36.89+00:00

    @crib bar, Thanks for posting in Q&A.

    From your description, I know you want to create a report via Intune to show which users and groups had local admin rights to all of your servers and workstations.

    Based on my research, there is no specific report available to get the information about users who have local admin rights on their devices via Intune. However, I found a link describing the methods of gathering local admin info via script as a reference:

    https://www.systanddeploy.com/2021/12/intune-reporting-with-log-analytics.html

    Non-official, just for reference.

    Also, you can open a Premier case to see if you can get more help on this.

    https://learn.microsoft.com/en-us/mem/get-support

    Thanks for your understanding.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
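
A per-device collection script of the kind the second answer mentions, as an added example that is not taken from the thread or from the linked articles: it lists the members of the local Administrators group with their SIDs, so that Entra ID principals (SIDs beginning `S-1-12-1-`), which often show up unresolved, are still reported. The `Origin` column and its labels are this example's own, and deploying the script and gathering its output centrally is assumed to be handled by your management tooling.

```powershell
# Added example. Run locally on the device in an elevated (or SYSTEM) context.
# Resolve the built-in Administrators group from its well-known SID, so the
# lookup still works where the group name is localized.
$adminSid  = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'
$groupName = $adminSid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]
$group     = [ADSI]"WinNT://./$groupName,group"

$members = foreach ($m in $group.Invoke('Members')) {
    $t     = $m.GetType()
    $name  = $t.InvokeMember('Name',    'GetProperty', $null, $m, $null)
    $path  = $t.InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
    $class = $t.InvokeMember('Class',   'GetProperty', $null, $m, $null)

    # Read the SID directly: an entry that cannot be resolved to a name
    # (deleted account, cloud role) is still identified by it.
    try {
        $bytes = $t.InvokeMember('objectSid', 'GetProperty', $null, $m, $null)
        $sid   = [System.Security.Principal.SecurityIdentifier]::new([byte[]]$bytes, 0).Value
    } catch {
        $sid = $null
    }

    # Origin labels are this example's own classification (hypothetical field).
    $origin = if ($sid -like 'S-1-12-1-*') {
        'EntraID'
    } elseif ($path -like "*/$env:COMPUTERNAME/*") {
        'Local'
    } else {
        'DomainOrOther'
    }

    [pscustomobject]@{
        Device       = $env:COMPUTERNAME
        Group        = $groupName
        Member       = $name
        Class        = $class
        Sid          = $sid
        Origin       = $origin
        AdsPath      = $path
        CollectedUtc = (Get-Date).ToUniversalTime().ToString('o')
    }
}

# One CSV row per member, written to standard output for the collector to pick up.
@($members) | ConvertTo-Csv -NoTypeInformation
```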